xloader

General

Target

60352657d5b40d618bca9dd61bcaa201bc22807b07a583dd99a4e6cb8111ded9
Size

698KB
Sample

241121-y1tnls1lhj
MD5

2f6e3739216de5d6d5b745fbf6292cd6
SHA1

0be5cbdb71f7f074ef0dc451f9ed44a27ce75dcc
SHA256

60352657d5b40d618bca9dd61bcaa201bc22807b07a583dd99a4e6cb8111ded9
SHA512

d51be84c94a8ef7809344512a287bbcec5c5b1feec8d38e93d0f0adb948d1759c9bd555ef9610589c32f041d41bfe813b3ebfbb7c7b929fc3f74d1777fb3ce16
SSDEEP

12288:xnXTCVq2fg8MxvkIYOhHTEPp0r3IPdOH2p7PctDDkAkBd7BZzRCMbg:xuowg8+MIzHTQ0rQOH2p7PeNkBd7jRCl

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

a8si

Decoy

mosquitocontrolpro.com

omfgphil.com

qqkit.net

compusolutionsac.com

skynetaccess.com

helmetmoto.com

webdomoupravitel.com

thepocket-onlinelesson.xyz

stefaniehirsch.space

goalsandballs.com

xn--bro-ba-3ya.com

tomrings.com

4520oceanviewavenue.com

mamaebemorientada.com

shopwreathrails.com

restaurantestancia.com

annaquatics.info

mnarchitect.design

best-cleaner.com

jobhuizhan.com

Targets

- Target
  
  Bonifico n.4301311110000077/Bonifico n.4301311110000077.exe
- Size
  
  1020KB
- MD5
  
  3c69123d5a21d83e352662802c332cb8
- SHA1
  
  7dbfc51c8d209cca3f1f1255e9ef6ef84eb27df6
- SHA256
  
  4b0315e43226e127abc8f251de5e04dbaa17820b79251810e18494a545012266
- SHA512
  
  33a5f500ab6841b82ac2fdc3edcb947649049fa13fe0f83e991a65a58d68a86df36bbca9af1c45955f5c026ffd381e8eb7998defaf33e31b3bd4a6e2f847737c
- SSDEEP
  
  24576:wKBC7nJbsmlUu1sCwj28tfJt9B+P/qbXhuY:wKBC7lsmlxsD2y1bhuY
Score

10^/10

xloader a8si discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2